I have put together a little github java project to help us explore the logoutproblem. We can use this to file bug reports to the browser vendors. This isjust a first attempt to explore the space with a minimal jetty browser. TheREADME explains how it works.

What I have found so far could be useful:
- Chromium and Safari on OSX can be gotten to ask for a new certificate
- Firefox and Opera cannot. Even if the server tells them the certificate isbroken (I think that is what is being done by throwing the exception) thosebrowser send the same certificate. That is clearly an error, as even normalclients may choose by mistake an invalid certificate.

But perhaps there are other tools we should be using. Any ideas? Looking forSSL Experts to help out here :-)